Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Netscape Communicator 4.x sensitive informations in configuration file

From: Byron York <byron () benefitrecovery com>
Date: Fri, 28 Feb 2003 10:33:38 -0600
We use Netscape 4.74 with roaming profiles using POP3, and my prefs.js file
keeps the password hidden:

user_pref("mail.pop_name", "byron");
user_pref("mail.pop_password", "encryptedstuff");
user_pref("mail.remember_password", true);

I am not sure if the encryption is turned on someplace, but I suspect it is
on by default, for it is definitely there for all of our POP clients using
4.74.

Cheers,
Byron


Marc Ruef wrote:


Hi!

It seems that I'm one of the last Netscape 4.x users. During my research
for using roaming profiles I've checked a file named prefs.js in my
netscape folder (C:\Program Files\Netscape\Users\mruef).

The following paste shows the IMAP mail part of this configuration file.
You can see that the line 17 shows the unencrypted password
("MyPassword4").

--- cut ---

user_pref("mail.imap.server.imap.computec.ch.admin_url", "");
user_pref("mail.imap.server.imap.computec.ch.capability", 4641);
user_pref("mail.imap.server.imap.computec.ch.check_new_mail", true);
user_pref("mail.imap.server.imap.computec.ch.check_time", 60);
user_pref("mail.imap.server.imap.computec.ch.cleanup_folders_on_exit",
false);
user_pref("mail.imap.server.imap.computec.ch.cleanup_inbox_on_exit",
false);
user_pref("mail.imap.server.imap.computec.ch.delete_model", 2);
user_pref("mail.imap.server.imap.computec.ch.dual_use_folders", true);
user_pref("mail.imap.server.imap.computec.ch.empty_trash_on_exit",
false);
user_pref("mail.imap.server.imap.computec.ch.empty_trash_threshhold",
0);
user_pref("mail.imap.server.imap.computec.ch.isSecure", true);
user_pref("mail.imap.server.imap.computec.ch.namespace.other_users",
"");
user_pref("mail.imap.server.imap.computec.ch.namespace.personal",
"\"INBOX.\"");
user_pref("mail.imap.server.imap.computec.ch.namespace.public",
"\"shared.\"");
user_pref("mail.imap.server.imap.computec.ch.offline_download", false);
user_pref("mail.imap.server.imap.computec.ch.override_namespaces",
true);
user_pref("mail.imap.server.imap.computec.ch.password", "MyPassword4");
user_pref("mail.imap.server.imap.computec.ch.remember_password", true);
user_pref("mail.imap.server.imap.computec.ch.server_sub_directory", "");
user_pref("mail.imap.server.imap.computec.ch.userName", "mruef");
user_pref("mail.imap.server.imap.computec.ch.using_subscription", true);

-- cut ---

This is also true for POP3 and perhaps for SMTP, NNTP and LDAP
passwords. The passwords are only stored if the remember password option
is set (e.g. line 18).

It may be possible to extract these passwords during a sneaking access
to the system (local or remote by a backdoor)[1, 2] or examine a backup.
This weakness should be keeped in mind.

I'm not sure if this vulnerability exists in other Netscape versions
(e.g. 6 or 7).

Bye, Marc

[1] http://www.idefense.com/advisory/11.19.02c.txt
[2] http://www.securityfocus.com/bid/6215

--
Computer, Technik und Security                  http://www.computec.ch/
Meine private Webseite                    http://www.computec.ch/mruef/
Previous By Date Next
Previous By Thread Next

Current thread: